Interactive Report Summary

Q2 2021 Threat Report

Malware activity began to rise while Nuspire saw a decrease in botnet and exploit activity compared to Q1.
Download the Report

Top Findings at a Glance

Lesson learned in Q2 2021: Cybersecurity is not a solo effort. Q2 brought some major news in ransomware, including the Colonial Pipeline attack, the disbandment of the DarkSide and REvil ransomware gangs and, as we head into Q3, the arrival of the newest gang to the block, BlackMatter.

MALWARE

VBA Agent is back on the rise

41.84% spike in malware was observed in Q2

BOTNET

Emotet disruption leads to lowest number of Botnets

45,027 infections per week in Q2 2021

EXPLOIT

Increase in brute force attacks

8,458.92% SMB attacks increased throughout the quarter

Nuspire Culture - Nuspire technician in server room

If Botnet activity continues to trend up, Q3 may shine a light on major events connected to the increase in detections.

Nuspire witnessed an increase of SSH brute forcing by 34,310.07%.

Methodology

Hover over tiles to learn more

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q2 2021 in Review

April through June

Image

APRIL 21

Joint Advisory from NSA, CISA and FBI released regarding Russian Foreign Intelligence Service

APRIL 23

Qlocker Ransomware Targets QNAP devices Via 7-Zip Archives

APRIL 26

Emotet Receives Final “Uninstall” Update from Law Enforcement

MAY 5

Millions of Dell Users at Risk from Kernel-Privilege Bugs

MAY 12

Colonial Pipeline Shuts Down Due to Ransomware Attack

MAY 14

DarkSide Ransomware Retreats and REvil Changes Targets

JUNE 1

New Ransomware Epsilon Red Actively Targeting Unpatched Microsoft Exchange Servers

JUNE 30

Proof of Concept Exploit Code Released for Windows Print Spooler Vulnerability

Let's Dive Into the Data

#
Activity
Average
0

Total Events

0

Unique Variants

0.84%

Total Activity

Malware

VBA agent activity decreased throughout Q1, and as predicted, it’s now back on the rise ― increasing 269.94% from the beginning of the quarter to peak activity in week 10. Activity often comes and goes in waves while threat actors retool, develop new capabilities and adjust phishing lures.

#
Activity
Average
0

Total Events

0

Unique Variants

-0.34%

Total Activity

Botnets

The decrease in activity likely can be attributed to the Q1 shutdown of the Emotet botnet, which significantly impacted the botnet space. Generally, activity observed during Q2 was provided by the Andromeda and Torpig botnets, which typically have been the most active since Emotet’s disruption.

#
Activity
Average
0

Total Events

0

Unique Variants

0.60%

Total Activity

Exploits

SSH login brute force attempts also shared a similar story with the exception of activity beginning to trail off after week 8. From the beginning of the quarter to the peak of activity, Nuspire witnessed an increase of SSH brute forcing by 34,310.07%.

Stay Vigilant

Unfortunately, there is more in store in the cybersecurity threat scape for 2021. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.
Download the Report